- The terrorist attacks in Washington and New York, and the apparent failure of US government intelligence agencies to predict or stop the attacks, will lead to a change in the way high-tech intelligence-gathering technologies, such as Echelon and Carnivore, are deployed, experts said yesterday.
Echelon is a system to monitor global communications systems that has been hinted at, but never officially acknowledged. It's said to be operated by the US National Security Agency (NSA) and the intelligence services of New Zealand, Australia, the UK and Canada.
Almost immediately after Tuesday's attacks, questions were raised as to why US intelligence was caught off guard by the incidents when it has tools such as Echelon and Carnivore (now called DCS1000) -- the email monitoring system of the Federal Bureau of Investigation (FBI) -- at its disposal.
"Echelon has concentrated on areas that are way outside the national security arena," such as counter-narcotics investigations, eavesdropping on non-profit groups and monitoring possible rivals to US businesses, says Wayne Madsen, a former computer and communications security staffer at a number of government agencies.
"Why devote valuable resources to that?" he asks. "No one would argue with using these systems to counter terrorists," but putting Echelon to use for businesses is "ridiculous," he says.
In light of the attacks, the way electronic communications surveillance technology is used will probably be reevaluated, he says. But a reevaluation may not be enough, he adds, saying that President Bush would have to order a shift away from counter-narcotics work to focus more strongly on anti-terrorism activities.
"The issue is priorities," Madsen says. "They really need to refocus their priorities to focus on the real threats."
In fact, there is already talk that use of Carnivore has increased since the attacks Tuesday. According to a report by Wired News reporter Declan McCullagh earlier Wednesday, the FBI has already begun installing Carnivore boxes at internet service providers (ISPs) and carriers. McCullagh also reported that the FBI has begun monitoring Microsoft's Hotmail email service.
Numerous ISPs and carriers, including Worldcom and Yahoo (which also runs a free email service) did not return requests for comment. Verizon Communications declined comment. Microsoft and EarthLink also declined comment except to say that they are cooperating with the authorities where appropriate.
America Online, however, "(has) not been approached about Carnivore," says AOL spokesman Nicholas Graham. "We have long stated that we would not use nor would we comply with (Carnivore)," he says. However, AOL was approached by the FBI with information requests on Tuesday, with which the company has complied. Graham declined to give further details, citing the ongoing criminal investigation.
Even if this technology had been squarely trained on terrorist activity, it might not have prevented these attacks, Madsen says.
The perpetrators "probably did not rely on any high-tech/low-tech means. Probably it was no-tech," he says. Most likely, the terrorists used small cells of operatives and safe houses to coordinate the attack.
"It's really kind of arcane trade craft, what they do," he says.
Despite this, however, Madsen does expect that the use of Echelon, Carnivore and other technologies will increase after the attacks. Their use is likely to raise the same privacy and legal concerns that it has in the past, he says, but "if Echelon is geared toward a real national security target, is anyone going to say he has privacy rights?"
Cindy Cohn, legal director of the Electronic Frontier Foundation (EFF), also expects an increase in the use of surveillance technologies.
"I suspect that we will hear calls to support these eavesdropping technologies and drop the barriers on them that already exist," she says. Additionally, tighter controls on encryption may also be proposed, she says.
That said, it's too early to say what investigators will uncover about the terrorists' uses of technology and how those discoveries will affect information technology policies, Cohn says.
"Until we know that these terrorists were even using this technology, it's premature," she says, adding that calls for stronger encryption controls were made after the Oklahoma City bombing as well, but encryption wasn't even used in that attack.
These sentiments and concerns were echoed by John Perry Barlow, co-founder and vice chairman of the EFF.
"There's absolutely nothing to indicate that the internet was used (in these attacks)," but nevertheless, politicians are already calling for reexaminations of freedoms on the internet, he says. Barlow also expects increased use of technologies such as Echelon and Carnivore and restrictions on cryptography.
"There are an awful lot of people determined to have control over a situation .... and this is a really splendid opportunity (for them)," he says.
"We need to maintain a level of close review . . . and make sure there's a link between what's happened and what they want to do," Cohn says.
The EFF and other organisations that have been critical of the government's policies in these areas will continue this kind of close review and will work to maintain a balance between national security and civil liberties, she says.
"We are the watchdogs to try to make sure that in our rush to create a secure world, we don't throw out the very liberties we're trying to protect," she says.
"We wouldn't, across the board, oppose everything that might be suggested," she says. But, Cohn adds, "we need to look carefully at what happened here before we rush into any changes in the balance between civil liberties and security."
Barlow is more pessimistic than that.
"I think that there's going to be a huge spasm of control," he says. "There are ways to address this problem without affecting our civil liberties," he adds.
"The real solution to this is not to limit our civil liberties, but to recreate intelligence organisations that can infiltrate terrorist organisations and know when they're going to do something," he says. There are other creative solutions to these problems, he says, including steering mechanisms for planes that use biometric authentication, and stationing plainclothes police officers with paralysing devices on planes.
Barlow expects support for limiting the use of surveillance technologies to decrease, even among groups that previously fought the encroachment of their use. The way to avoid this will be to stay in contact with politicians, he said. It's more likely, however, that those who do contact politicians will ask for more security, and thus more invasive technology, he says.
"I'm scared," he says, "not of the terrorists, but of our terror."
(Douglas F Gray of the IDG News Service, based in San Francisco, contributed to this report).